Two-thirds of Bing users exposed to malicious links

Fraser Howard at Sophos Security decided to look into search engine poisoning that directs searchers to payday loan sites and, while using a web appliance that blocks such efforts, was able to gather quantitative statistics on spam and malware-related links overall.

"Taking data from the last couple of weeks for search engine redirects blocked on our Web appliance, it is clear that the majority of the redirects are affecting those using the Bing search engine," Howard wrote in the company blog.

In general, celebrity searches have long been known as a dangerous web vector for luring the unwitting into clicking on malware-infested links. But Howard found that looking for pictures is proving to be more risky than looking for gossip, news or social media activity.

"Digging further into the data, it is also clear that the attackers are getting most success from poisoning image search results," Howard wrote. "Clearly the search engine providers are filtering poisoned results far more effectively from regular, text searches."

He added, “Unfortunately for users, it is very hard to recognize rogue images within image search results.”

Microsoft told NBC News that Bing "is able to detect pages consisting of machine-generated spam, keyword stuffing, redirect spam or malware, allowing Bing to effectively remove such sites from results. This is done through constant innovation on finding ways to detect the various evolving versions of the kinds of spam techniques we face."

It added, "signals that have been previously spammed now have countermeasures to prevent abuse. Bing has also developed several ranking signals to help weed out spam results and better understand the intent of the searcher. We are always looking to improve the Bing user experience for customers, and remain dedicated to providing a trusted and reliable search experience."

Howard cautioned that despite what companies might say, it takes a bit of personal responsibility to stay safe. "We all rely on the search engine providers managing to filter rogue links out of the search results (text and image searches)," he wrote. "The bottom line is that we are all guilty of trusting the results we get back, and clicking through without necessarily scrutinizing the URL as closely as we might."
